SecretsManager
Secrets Manager Enumeration and Exploitation
AWS Secrets Manager stores and manages the credentials used to access applications, services and IT resources.
Enumeration
List all secrets that are stored by Secrets Manager
aws secretsmanager list-secrets
Describe a specified secret
aws secretsmanager describe-secret --secret-id [secret-name]
Resource-based policy attached to the specified secret
aws secretsmanager get-resource-policy --secret-id [secret-id]
Key Management Service (KMS)
All keys available in KMS
aws kms list-keys
Describe a specified key
aws kms describe-key --key-id [key-id]
List the policies attached to a specified key
aws kms list-key-policies --key-id [key-id]
Contents of a specified key policy
aws kms get-key-policy --policy-name [policy-name] --key-id [key-id]
Credential access
Secret Manager
aws secretsmanager get-secret-value --secret-id [secret-id]
KMS
Decrypt a ciphertext that was encrypted with a KMS key (the CLI returns the plaintext base64-encoded, so decode it to get the original bytes)
aws kms decrypt --ciphertext-blob fileb://encrypted_file --output text --query Plaintext | base64 --decode
IAM & exploitation
aws iam get-user-policy --user-name [Username] --profile [Profile] --policy-name [Policy-name]
{
    <-SNIP->
            {
                "Action": [
                    "secretsmanager:GetSecretValue",
                    "secretsmanager:ListSecretVersionIds",
                    "secretsmanager:GetResourcePolicy",
                    "secretsmanager:DescribeSecret"
                ],
                "Resource": [
                    "arn:aws:secretsmanager:us-east-1:014498641740:secret:intro-to-secrets-manager-enumeration-1747034276755-password*",
                    "arn:aws:secretsmanager:us-east-1:014498641740:secret:intro-to-secrets-manager-enumeration-1747034276755-api-key*"
                ],
                "Effect": "Allow",
                "Sid": "AllowSecretsManagerActions"
            },
            {
                "Action": [
                    "secretsmanager:ListSecrets"
                ],
                "Resource": "*",
                "Effect": "Allow",
                "Sid": "AllowListSecrets"
            }
        ]
    }
}
List secret names, descriptions and ARNs
aws secretsmanager list-secrets --query 'SecretList[*].[Name, Description, ARN]' --output json
List the versions of a specific secret (requires secretsmanager:ListSecretVersionIds)
aws secretsmanager list-secret-version-ids --secret-id <value>
Get the secret value
aws secretsmanager get-secret-value --secret-id ext/cost-optimization
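The policy above grants GetSecretValue on two secret-name patterns and ListSecrets on everything. When reviewing such output, the question a practitioner wants answered is which secrets the principal can actually read, and whether any statement is scoped to a wildcard resource. The script below is an added example, not code from the original page: it parses a constructed get-user-policy document in the same shape (the account id 123456789012 and the secret names are assumptions) and checks it against a constructed list of secret ARNs of the kind list-secrets returns. It also covers the general case of IAM action wildcards such as secretsmanager:Get*, which the page's policy does not use.

```python
import fnmatch
import json

# Constructed sample in the shape of `aws iam get-user-policy` output
# (placeholder account id and secret names; not a real policy).
SAMPLE_POLICY_JSON = r'''{
  "UserName": "example-user", "PolicyName": "example-policy",
  "PolicyDocument": {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowSecretsManagerActions", "Effect": "Allow",
     "Action": ["secretsmanager:GetSecretValue", "secretsmanager:ListSecretVersionIds",
                "secretsmanager:GetResourcePolicy", "secretsmanager:DescribeSecret"],
     "Resource": ["arn:aws:secretsmanager:us-east-1:123456789012:secret:app-password*",
                  "arn:aws:secretsmanager:us-east-1:123456789012:secret:app-api-key*"]},
    {"Sid": "AllowListSecrets", "Effect": "Allow",
     "Action": ["secretsmanager:ListSecrets"], "Resource": "*"}
  ]}
}'''

# Constructed sample of ARNs as `aws secretsmanager list-secrets` would list them.
# Secrets Manager appends a random 6-character suffix to every secret ARN, which
# is why policies written against secret names usually end in "*".
KNOWN_SECRET_ARNS = [
    "arn:aws:secretsmanager:us-east-1:123456789012:secret:app-password-AbCdEf",
    "arn:aws:secretsmanager:us-east-1:123456789012:secret:app-api-key-XyZ123",
    "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/db-master-Qw9Rt2",
]


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    """IAM action names are case-insensitive and support * and ? wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def _resource_matches(pattern, arn):
    """Resource ARNs are case-sensitive; * and ? are the wildcards."""
    return fnmatch.fnmatchcase(arn, pattern)


def load_policy(text):
    return json.loads(text)


def secrets_findings(policy):
    """One finding per Allow statement that touches Secrets Manager: flags
    statements granting GetSecretValue (the call that returns credentials)
    and statements scoped to Resource "*"."""
    findings = []
    for stmt in _as_list(policy["PolicyDocument"]["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a for a in _as_list(stmt.get("Action", []))
                   if a == "*" or a.lower().startswith("secretsmanager:")]
        if not actions:
            continue
        resources = _as_list(stmt.get("Resource", []))
        findings.append({
            "sid": stmt.get("Sid", ""),
            "actions": actions,
            "resources": resources,
            "grants_get_secret_value": any(
                _action_matches(a, "secretsmanager:GetSecretValue") for a in actions),
            "wildcard_resource": "*" in resources,
        })
    return findings


def readable_secrets(policy, secret_arns):
    """ARNs from secret_arns whose value this policy lets the principal read.
    Only Allow statements in this one policy are evaluated; an explicit Deny
    elsewhere in the effective permissions could still block access, so the
    result is an upper bound."""
    findings = secrets_findings(policy)
    readable = []
    for arn in secret_arns:
        if any(f["grants_get_secret_value"]
               and any(_resource_matches(r, arn) for r in f["resources"])
               for f in findings):
            readable.append(arn)
    return readable


if __name__ == "__main__":
    policy = load_policy(SAMPLE_POLICY_JSON)
    for f in secrets_findings(policy):
        print(f"{f['sid']}: GetSecretValue={f['grants_get_secret_value']} "
              f"wildcard_resource={f['wildcard_resource']}")
    print("readable:", readable_secrets(policy, KNOWN_SECRET_ARNS))
```

Run against real output by replacing SAMPLE_POLICY_JSON with the JSON from get-user-policy and KNOWN_SECRET_ARNS with the ARNs from list-secrets; the same check applied to inline, managed and group policies gives a per-principal inventory of readable secrets to compare against what the principal actually needs.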
Interesting Books
Advanced Penetration Testing: Hacking AWS 2. This book delves deeper into analyzing the security of various AWS services and shows techniques and tactics used by an attacker to breach an AWS environment.
Hands-On AWS Penetration Testing with Kali Linux. Set up a virtual lab and pentest major AWS services, including EC2, S3, Lambda, and Cloud